jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

reverseproxy: simplify certificate renewal

Browse Source 
An issue was that mail container was not getting refreshed with the up to
date certs. The root cause is that it is refreshed only in the renewCerts()
cron job. If cert renewal was caused by an app task, then the cron job will
skip the restart (since cert is fresh).

The other issue is that we keep hitting 0 length certs when we run out of disk
space. The root cause is that when out of disk space, a cert renewal will
cause cert to be written but since it has no space it is 0 length. Then, when
the user tries to restart the server, the box code does not write the cert again.

This change fixes the above two including:
* To simplify, we use the fallback cert only if we failed to get a LE cert. Expired LE certs
  will continue to be used. nginx is fine with this.

* restart directory as well on renewal
This commit is contained in:
Girish Ramakrishnan
2022-11-11 18:09:10 +01:00
parent f917eb8f13
commit 9c8f78a059
8 changed files with 216 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/test/reverseproxy-test.js
View File

@@ -13,7 +13,7 @@ const common = require('./common.js'),
reverseProxy = require('../reverseproxy.js');
describe('Reverse Proxy', function () {
const { setup, cleanup, domain, auditSource, app } = common;
const { setup, cleanup, domain, auditSource, app, admin } = common;
const domainCopy = Object.assign({}, domain);
before(setup);
@@ -147,9 +147,9 @@ describe('Reverse Proxy', function () {
});
it('returns prod acme in prod cloudron', async function () {
const { acme2, apiOptions } = await reverseProxy._getAcmeApi(domainCopy);
expect(acme2._name).to.be('acme');
const apiOptions = await reverseProxy._getAcmeApiOptions(domainCopy);
expect(apiOptions.prod).to.be(true);
expect(apiOptions.email).to.be(admin.email);
});
});
@@ -161,9 +161,9 @@ describe('Reverse Proxy', function () {
});
it('returns staging acme in prod cloudron', async function () {
const { acme2, apiOptions } = await reverseProxy._getAcmeApi(domainCopy);
expect(acme2._name).to.be('acme');
const apiOptions = await reverseProxy._getAcmeApiOptions(domainCopy);
expect(apiOptions.prod).to.be(false);
expect(apiOptions.email).to.be(admin.email);
});
});